
Re: Proposed changes to ESP (and a little AH too)



   Date: Fri, 21 Mar 1997 14:10:11 -0500
   From: Stephen Kent <kent@bbn.com>

   Now for a bigger change!  I suggest that we reverse the order of
   encryption and authentication processing, when both are employed.  Now,
   authentication processing occurs first, then encryption.  This means that a
   receiver must decrypt then authenticate.  While most systems I have seen in
   the past have adopted this strategy, we are now more concerned with denial
   of service attacks.  

Hmm... there's a definite tradeoff here between trying to prevent
denial of service attacks, versus the potential traffic analysis that
this allows, at least in some cases.

In the case of using ESP to create VPNs through security gateways, the
threat of traffic analysis doesn't really apply, since the authenticated
destination will always be the other security gateway.  Indeed, the
traffic analysis threat isn't important if we're doing host keying for
the same reason --- the low level, unauthenticated address allows for
traffic analysis anyway.

The only place where traffic analysis would matter would be if we did
user-based keying, and we have multiple users using the same host, in a
time-sharing fashion.  

I believe this is not going to be a likely use of IPSEC, and so I agree
with Steve's recommendation.  If there is any disagreement on this
point, it's likely going to be because people believe that there will be
a large amount of usage of both (a) user-based keying, and (b)
time-sharing machines.  While I could believe (a), I have trouble
believing (b).

						- Ted
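An added illustration of the denial-of-service point discussed above (example code, not from this thread or from any ESP implementation): both processing orders in Python, with a constructed HMAC-SHA256 counter-mode keystream standing in for ESP's cipher and a constructed flood of forged packets, counting how many decryptions the receiver must perform before it can discard them.

```python
import hmac, hashlib, os

TAG_LEN, NONCE_LEN = 32, 8

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed stand-in for ESP's cipher: HMAC-SHA256 run in counter mode.
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

# --- authenticate-then-encrypt (the order Kent wants to drop): receiver decrypts first ---
def ate_send(ek: bytes, ak: bytes, nonce: bytes, pt: bytes) -> bytes:
    return nonce + xor(pt + tag(ak, pt), keystream(ek, nonce, len(pt) + TAG_LEN))

def ate_recv(ek: bytes, ak: bytes, pkt: bytes, stats: dict):
    nonce, ct = pkt[:NONCE_LEN], pkt[NONCE_LEN:]
    stats["decrypts"] += 1                      # work spent before any check is possible
    plain = xor(ct, keystream(ek, nonce, len(ct)))
    pt, t = plain[:-TAG_LEN], plain[-TAG_LEN:]
    return pt if hmac.compare_digest(tag(ak, pt), t) else None

# --- encrypt-then-authenticate (Kent's proposal): forgeries rejected before decryption ---
def eta_send(ek: bytes, ak: bytes, nonce: bytes, pt: bytes) -> bytes:
    body = nonce + xor(pt, keystream(ek, nonce, len(pt)))
    return body + tag(ak, body)

def eta_recv(ek: bytes, ak: bytes, pkt: bytes, stats: dict):
    body, t = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
    if not hmac.compare_digest(tag(ak, body), t):
        return None                             # one cheap MAC check, no decryption
    stats["decrypts"] += 1
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return xor(ct, keystream(ek, nonce, len(ct)))

def flood(recv, ek: bytes, ak: bytes, n_forged: int = 100) -> dict:
    # Constructed DoS load: random packets of plausible size, none of them authentic.
    stats = {"decrypts": 0, "rejected": 0}
    for _ in range(n_forged):
        if recv(ek, ak, os.urandom(NONCE_LEN + 40 + TAG_LEN), stats) is None:
            stats["rejected"] += 1
    return stats
```

Run `flood(ate_recv, ...)` and `flood(eta_recv, ...)` with the same keys: the first decrypts every forged packet before rejecting it, the second decrypts none.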

